Posted Mar 2, 2007 15:34 UTC (Fri) by aashenfe
In reply to: Signed Executables.
Parent article: Hunting for Rootkits
Very true. SELinux can and probably does provide this and way much more.
I think "way much more" might be the problem.
When I'm looking around for different howto's for certain setups, a number of time it says they disabled SELinux to get the system to work correctly. I try to leave SELinux enabled if I can, but sometimes I still give up and disable it. I'm sure there is a way to configure SELinux correctly, and maybe I'm irresponsible for not figuring it out.
I like the Idea of signed executables because it targets one security question. "Do I let this executable run?" SElinux or AppArmor can then answer the harder to setup question "What do I let this executable do? "
to post comments)